javascript - 是否预计 Node 应用程序会随着其依赖项的较新版本的创建而停止工作？

问题描述

我正在尝试在线学习一些 Web 开发主题的教程，该教程在 github 上有相关代码。当我下载它时，相关的目录结构如下所示：

E:\dev\angular-components-step-1>dir

 Directory of E:\dev\angular-components-step-1

09/18/2021  10:53 PM    <DIR>          .
09/18/2021  10:53 PM    <DIR>          ..
09/18/2021  10:52 PM                44 .gitignore
09/18/2021  10:53 PM    <DIR>          client
09/18/2021  10:52 PM             1,504 Gulpfile.js
09/18/2021  10:52 PM               824 package.json
09/18/2021  10:52 PM               245 README.md
09/18/2021  10:52 PM               516 webpack.config.js
               5 File(s)          3,133 bytes

创建我正在关注的教程的人说npm install下载后运行。当我这样做时，我得到了以下信息：

E:\dev\angular-components-step-1>npm install
npm WARN deprecated angular-ui-router@0.2.18: This npm package 'angular-ui-router' has been renamed to '@uirouter/angularjs'. Please update your package.json. See https://ui-router.github.io/blog/uirouter-scoped-packages/
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated lodash.padright@3.1.3: This package is discontinued. Use lodash.padend@^4.0.0.
npm WARN deprecated css-list@0.1.3: Deprecated.
npm WARN deprecated postcss-single-charset@0.3.0: Package no longer supported. Contact support@npmjs.com for more info.
npm WARN deprecated core-js@1.2.7: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated browserslist@0.4.0: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated flatten@0.0.1: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.2 (node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.0.0 (node_modules\watchpack\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN ng-blog@1.0.0 No repository field.

在我看来，问题在于自创建本教程以来，此应用程序中使用的软件包的更新版本已经出现。

我的问题是：

1. 即使这些包的更新版本已经发布，为什么我不能只使用 project.json 中指定的版本？

2. 如果我想让它工作，我需要遵循什么一般流程？也就是说，我可以只获得当前版本并且一切都应该工作，还是我需要做些什么来确保一切都可以一起工作？

3. 如果从github下载的项目是在前一段时间创建的，是否普遍认为会发生这样的事情，而这只是经常需要处理的事情？

标签： javascriptnode.jsnpm